RM-A.2.2
A list of recent changes made to this Module is provided below:
| Module Ref. | Change Date | Description of Changes |
| RM-1.1.11 | 04/2008 | Clarified the requirement for investment firm licensees to have a separate risk management function. |
| RM-7.3.3 | 04/2008 | Clarified that CBB prior approval is required for intra-group outsourcing. |
| RM-7.1.6, 7.1.7 and 7.1.16 |
07/2008 | Clarified that CBB prior approval is required for outsourcing arrangements. |
| RM-B.1.2 | 10/2009 | Amended to reflect applicability of Chapters RM-7 and RM-8. |
| RM-7.1.16 | 10/2009 | Amended to read approved person. |
| RM-7.3.7 | 10/2009 | New Rule added to clarify that licensees may not outsource core business activities, including internal audit, to their group. |
| RM-7.4 | 10/2009 | Updated to reflect CBB's requirements for outsourcing the internal audit function. |
| RM-1.1.10, RM-1.1.11, and RM-1.1.13 | 07/2010 | Updated and amended to include requirements for the risk management function. |
| RM-7.1.7 | 07/2010 | New Rule added regarding outsourcing core business functions or activities to third parties. |
| RM-A.1.4 | 01/2011 | Clarified legal basis. |
| RM-B.2 | 01/2011 | Removed reference in title to affiliates. |
| RM-4.1.8 and RM-4.1.9 | 07/2012 | Replaced reference to "securities" with "financial instruments". |
| RM-7.4.5 | 10/2012 | Corrected typo. |
| RM-7.4.2A | 01/2013 | New Paragraph added to require that the outsourcing of the internal audit function must be supported by a board resolution or ratified by the audit committee. |
| RM-7.1.9 | 07/2013 | Added cross reference. |
| RM-7.1.9A and RM-7.3.4 | 07/2013 | Made reference to considerable outsourcing. |
| RM-7.4.4 | 07/2013 | Changed Guidance to Rule. |
| RM-1.1.10 to RM-1.1.13 | 10/2013 | Amendments made to allow overseas investment firm licensees to outsource the risk management function to their head office, subject to the CBB's prior written approval. |
| RM-1.1.7 | 01/2016 | Corrected cross reference. |
| RM-1.1.9 | 01/2016 | Aligned risk categories as per Module RM. |
| RM-4.1.17 | 01/2016 | Restructured Subparagraphs to avoid duplication. |
| RM-7.1.9 | 01/2016 | Clarified Guidance. |
| RM-7.1.1 | 10/2017 | Amended Paragraph to allow the utilization of cloud services. |
| RM-7.1.3A | 10/2017 | Added a new Paragraph on outsourcing requirements. |
| RM-7.1.6 | 10/2017 | Amended Paragraph. |
| RM-7.1.9 | 10/2017 | Amended Paragraph. |
| RM-7.1.11 | 10/2017 | Amended Paragraph. |
| RM-7.1.11A | 10/2017 | Added a new Paragraph on outsourcing. |
| RM-7.1.13 | 10/2017 | Amended Paragraph. |
| RM-7.1.14 | 10/2017 | Amended Paragraph. |
| RM-7.1.14(f) | 10/2017 | Added a new sub-Paragraph. |
| RM-7.1.17 | 10/2017 | Amended Paragraph. |
| RM-7.2.4 | 10/2017 | Amended Paragraph. |
| RM-7.2.11 | 10/2017 | Amended Paragraph. |
| RM-7.2.12 | 10/2017 | Amended Paragraph. |
| RM-7.2.18 | 10/2017 | Amended Paragraph. |
| RM-7.2.19 | 10/2017 | Added a new Paragraph on security measures related to cloud services. |
| RM-7.3.3 | 10/2017 | Amended Paragraph. |
| RM-7.3.4 | 10/2017 | Amended Paragraph. |
| RM-9 | 04/2019 | Added a new Chapter on Cyber Security Risk. |
| RM-9.1 | 01/2022 | Enhanced Section on Cyber Security Risk Management. |
| RM-9.1.58 | 04/2022 | Amended Paragraph on the cyber security reporting. |
| RM-9.1.59 | 04/2022 | Amended Paragraph on the submission of the cyber security report. |
| RM-7 | 07/2022 | Replaced Chapter RM-7 with new Outsourcing Requirements. |
| RM-9.1.22 | 10/2022 | Amended Paragraph on email domains requirements. |
| RM-9.1.22A | 10/2022 | Added a new Paragraph on additional domains requirements. |
| RM-7.1.7 | 07/2023 | Amended Sub-paragraph (v) and added Sub-paragraph (viii) on Outsourcing Requirements. |